使用AES / ECB / NoPadding和PKCS5Padding进行加密

Question

I don't have problem with not working code but it's confusing and I don't know why even though I use 16byte long string (so padding is not needed) I've got weird short output cG+etVq+7l+RfJS27jCtwg== (without padding but before encription it was 16byte long)

vs

cG+etVq+7l+RfJS27jCtwskFauqkVxpbMJGODZoZe5c= (with PKCS5Padding, yet String is the same ) So why?

public class AES {

private static SecretKeySpec secretKey;
private static byte[] key;

public static void setKey(String myKey)
{

        key = myKey.getBytes("UTF-8");
        secretKey = new SecretKeySpec(key, "AES");


}

public static String encrypt(String strToEncrypt, String secret)
{
    try
    {
        setKey(secret);
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));
    }
    catch (Exception e)
    {
        System.out.println("Error while encrypting: " + e.toString());
    }
    return null;
}

public static String decrypt(String strToDecrypt, String secret)
{
    try
    {
        setKey(secret);
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)));
    }
    catch (Exception e)
    {
        System.out.println("Error while decrypting: " + e.toString());
    }
    return null;
}

public static SecretKeySpec getSecretKey() {
    return secretKey;
}

public static void setSecretKey(SecretKeySpec secretKey) {
    AES.secretKey = secretKey;
}

public static byte[] getKey() {
    return key;
}

public static void setKey(byte[] key) {
    AES.key = key;
}

}

Answer 1

With PKCS5Padding , then padding is always added. There is no string where padding is not needed. A 16 byte string will produce a 32 byte output (the next multiple of 16).

See Padding on Wikipedia for example:

If the original data is an integer multiple of N bytes, then an extra block of bytes with value N is added. This is necessary so the deciphering algorithm can determine with certainty whether the last byte of the last block is a pad byte indicating the number of padding bytes added or part of the plaintext message.

Consider a plaintext message that is an integer multiple of N bytes with the last byte of plaintext being 01. With no additional information, the deciphering algorithm will not be able to determine whether the last byte is a plaintext byte or a pad byte. However, by adding N bytes each of value N after the 01 plaintext byte, the deciphering algorithm can always treat the last byte as a pad byte and strip the appropriate number of pad bytes off the end of the ciphertext; said number of bytes to be stripped based on the value of the last byte.